URL reputation score

September 11, 2018

The URL Categorization feature provides policy-based control to restrict blacklisted URLs. You can control access to websites based on URL category, reputation score, or URL category and reputation score. If a network administrator monitors a user accessing highly risky websites, he or she can use a responder policy bound to the URL reputation score to block such risky websites.

Upon receiving an incoming URL request, the appliance retrieves the category and reputation score from the URL categorization database. Based on the reputation score returned by the database, the appliance assigns a reputation rating for websites. The value can range from 1 to 4, where 4 is the riskiest type of websites, as shown in the following table.

URL Reputation Rating

Reputation Comment

1

Clean site

2

Unknown site

3

Potentially dangerous or affiliated to a dangerous site

4

Malicious site

Use Case: Filtering by URL reputation score

Consider an enterprise organization with a network administrator monitoring user transactions and network bandwidth consumption. If malware can enter the network, the administrator must enhance the data security and control access to malicious and dangerous websites accessing the network. To protect the network against such threats, the administrator can configure the URL filtering feature to allow or deny access by URL reputation score.

For more information about monitoring outbound traffic and user activities on the network, see SWG Analytics.

If an employee of the organization tries to access a social networking website, the SWG appliance receives a URL request and queries the URL Categorization database to retrieve the URL category as social networking and a reputation score 3, which indicates a potentially dangerous website. The appliance then checks the security policy configured by the administrator, such as block access to sites with reputation rating of 3 or more. It then applies the policy action to control access to the website.

To implement this feature, you must configure the URL reputation score and security threshold levels by using the NetScaler SWG Wizard.

**Configuring reputation score by using the NetScaler SWG GUI:

Citrix recommends that you use the NetScaler SWG Wizard to configure the reputation score and security levels. Based on the configured threshold, you can select a policy action to allow, block or redirect traffic.

Log on to the NetScaler SWG appliance and navigate to Secure Web Gateway.

Greater than or equals to—Allow or block a website if the threshold value is greater than or equal to N, where N ranges from one to four.

Less than or equals to— Allow or block a website if the threshold value is less than or equal to N, where N ranges from one to four.

In between— Allow or block a website if the threshold value is between N1 and N2 and the range is from one to four.

Select a responder action from the drop-down list.

Click Continue and Close.

The following image shows the Security Configuration section on the NetScaler SWG Wizard. Enable the URL Reputation Score option to configure the policy settings.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.